kvm-rdtsc-hack
kvm-rdtsc-hack copied to clipboard
h33p
Kernel module to evade KVM's detection through RDTSC timer
``` mkdir -p "~/Downloads/kvm_hardening/kvm-rdtsc-hack/build" mkdir -p "~/Downloads/kvm_hardening/kvm-rdtsc-hack/build"/kernel-hook touch "~/Downloads/kvm_hardening/kvm-rdtsc-hack/build/Makefile" make -C /lib/modules/5.15.2-gentoo-gentoo-dist/build M=~/Downloads/kvm_hardening/kvm-rdtsc-hack/build src=~/Downloads/kvm_hardening/kvm-rdtsc-hack modules make[1]: Entering directory '/usr/src/linux-5.15.2-gentoo' CC [M] ~/Downloads/kvm_hardening/kvm-rdtsc-hack/build/main.o ~/Downloads/kvm_hardening/kvm-rdtsc-hack/main.c: In function 'vcpu_pre_run': ~/Downloads/kvm_hardening/kvm-rdtsc-hack/main.c:83:32: error: too few...
With this kernel module active I'm able to pass Pafish's rdtsc/cpuid/rdtsc checks inconsistently (~3/4 runs) but I haven't been able to pass al-khaser's rdtsc/VM exit check at all. As mentioned...
